Wordpress plugin WP Simple Events 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVE-2022-44742

Auth. admin+ Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin = 1.4.8 versions...

CVE-2022-44742

Auth. admin+ Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin = 1.4.8 versions...

PT-2023-14546 · Unknown · Yannick Lefebvre Community Events

Name of the Vulnerable Software and Affected Versions: Yannick Lefebvre Community Events plugin versions = 1.4.8 Description: The issue is related to a Stored Cross-Site Scripting vulnerability that requires authentication with admin+ privileges. Recommendations: For versions = 1.4.8, update to a...

WordPress 插件跨站脚本漏洞

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.The Community Events plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in...

MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1231 Version: 1.32 Tested on: Ubuntu 18.04 CVE:...

MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting

MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting Exploit Title: MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting Date: 3/8/2019 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1231 Version: 1.32 Tested on: Ubuntu...

MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting

Exploit Title: MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting Date: 3/8/2019 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1231 Version: 1.32 Tested on: Ubuntu 18.04 CVE: CVE-2019-9650 1. Description: This plugin...

Cross site scripting

An XSS issue was discovered in upcomingevents.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event...

CVE-2019-9650

An XSS issue was discovered in upcomingevents.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event...

CVE-2019-9650

An XSS issue was discovered in upcomingevents.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event...

WordPress Events plugin <=2.3.4 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability found by Lenon Leite in WordPress Events plugin versions =2.3.4. Solution 11/20/2017 - we were unable to find a patched version of this plugin...

Events <= 2.3.4 - Authenticated SQL Injection

Type user access: administrator user. $GET‘editevent’ is not escaped. File / Code: Path Request: /wp-content/plugins/wp-events/wp-events.php Line : 450 – 468 if isset $GET'editevent' $eventeditid = escattr $GET'editevent' ; ... $editevent = $wpdb-getrow "SELECT FROM $wpdb-prefixevents WHERE id =...

Serendipity Cross-Site Request Forgery Vulnerability

Serendipity is a PHP-based blogging system developed by Serendipity team. The system supports the creation of online journals, blogs, web pages and more. A cross-site scripting vulnerability exists in Serendipity 2.0.5 and earlier versions of the Unexpected Events plugin or Sidebar plugin. It...

WordPress Community Events Plugin 1.3.5 - SQL Injection Vulnerability

Exploit for php platform in category web applications ======================================================================= title: SQL Injection product: WordPress Community Events Plugin vulnerable version: 1.3.5 and probably below fixed version: 1.4 CVE number: CVE-2015-3313 impact: CVSS Base...

Wordpress Events Plugin SQL Injection

+===================================================================================+ ./SEC-R1Z / / / / /\ \ |/ / \ \ / / / / | | / | | / / \ / / / / | || / | | / / \ \ \ \2009 | \ | | / / / \ /\ / ||\ \ ||/ \ R.I.P MichaelJackson !!!!!...

Wordpress Events Plugin SQL Injection Vulnerability

Exploit for unknown platform in category web applications =================================================== Wordpress Events Plugin SQL Injection Vulnerability =================================================== === Exploit SQL === »SQL : http://server/Plugins/?eventid=inj3ct C0dE...

Sql injection

SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php...

CVE-2009-1411

SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php...

CVE-2009-1411

CVE-2009-1411 describes an SQL injection in the Events plugin for Seditio CMS 1.0. The vulnerability exists in events/inc/events.inc.php and allows remote attackers to inject arbitrary SQL via the c parameter to plug.php. This leads to potential confidentiality and integrity impacts on the affect...